Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 538
Alerts This Week
Warning Icon 1 538

Debian: DSA-4970-1 Critical: OpenSSL Vulnerability Warning

debian
Calendar Grey September 7, 2021
Debian Logo
The Debian team has introduced enhancements to HAProxy, improving header length validation to better counteract possible security threats.
Ori Hollander reported that missing header name length checks in the htx_add_header() and htx_add_trailer() functions in HAProxy, a fast and reliable load balancing reverse proxy, ...

Summary

Additionally this update addresses #993303 introduced in DSA 4960-1
causing HAProxy to fail serving URLs with HTTP/2 containing '//'.

For the stable distribution (bullseye), this problem has been fixed in
version 2.2.9-2+deb11u2.

We recommend that you upgrade your haproxy packages.

For the detailed security status of haproxy please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/source-package/haproxy

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



Severity
critical
Lowest
Low
Medium
High
Critical

Package: haproxy
CVE ID: CVE-2021-40346

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.